One of the challenges we've heard about many times from customers is load balancing between the tiers of an application. While Elastic Load Balancing addresses many of the complexities of building a highly available application, it hasn't helped when you need to balance load between multiple back-end instances. Until now. As of today, you can create an internal load balancer in your VPC and place your non-internet-facing instances behind it. Here's a simple overview:

The internet-facing load balancer has public IP addresses and the usual Elastic Load Balancer DNS name. Your web servers can use private IP addresses and restrict traffic to the requests coming from the internet-facing load balancer. The web servers in turn make requests to the internal load balancer, using private IP addresses resolved from the internal load balancer's DNS name, which begins with internal-. The internal load balancer routes requests to the application servers, which also use private IP addresses and only accept requests from the internal load balancer.

With this change, all of your infrastructure can use private IP addresses and security groups, so the only part of your architecture with public IP addresses is the internet-facing load balancer. Because the DNS record is publicly resolvable, you could also use a VPN connection and address the internal load balancer from your on-premises environment through the VPN tunnel.
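As an added example (not part of this post or of the ELB service), here is a small audit of the tiered layout just described: it walks the chain of security groups front to back and reports any private tier that accepts CIDR-based ingress or ingress from a group other than the tier in front of it. The input follows the shape of boto3's describe_security_groups() output so it can be run over a real VPC; the group IDs and rules below are constructed sample data.

```python
"""Audit a tiered ELB layout: only the internet-facing load balancer may
accept traffic from CIDR ranges; every other tier accepts traffic only from
the security group of the tier directly in front of it."""

# Expected chain, front to back (constructed sample security group IDs).
TIERS = ["sg-elb-public", "sg-web", "sg-elb-internal", "sg-app"]

# Constructed sample in the describe_security_groups() 'SecurityGroups' shape.
SAMPLE_GROUPS = [
    {"GroupId": "sg-elb-public", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-elb-public"}]}]},
    {"GroupId": "sg-elb-internal", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}],  # too broad: the whole VPC
         "UserIdGroupPairs": [{"GroupId": "sg-elb-internal"}]}]},
]


def ingress_sources(group):
    """Return (set of CIDR sources, set of source group IDs) for all ingress rules."""
    cidrs, sgs = set(), set()
    for perm in group.get("IpPermissions", []):
        cidrs.update(r["CidrIp"] for r in perm.get("IpRanges", []))
        sgs.update(p["GroupId"] for p in perm.get("UserIdGroupPairs", []))
    return cidrs, sgs


def audit_tiers(groups, tiers=TIERS):
    """Return a list of findings; an empty list means the chain is least-privilege."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for i, sg_id in enumerate(tiers):
        if i == 0:
            continue  # internet-facing tier: CIDR ingress is expected here
        cidrs, sgs = ingress_sources(by_id[sg_id])
        if cidrs:
            findings.append(f"{sg_id}: CIDR ingress {sorted(cidrs)} on a private tier")
        if sgs != {tiers[i - 1]}:
            findings.append(f"{sg_id}: expected source {tiers[i - 1]}, got {sorted(sgs)}")
    return findings


def is_internal_lb_dns(name):
    """Internal load balancer DNS names begin with 'internal-'."""
    return name.startswith("internal-")
```

Running audit_tiers over the sample flags sg-app, because the VPC-wide CIDR rule lets any instance in the VPC bypass the internal load balancer.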

Getting started is easy. Using the AWS Console, simply select the checkbox to make your new load balancer an internal load balancer. Everything else stays the same.

As part of this change, we've also relaxed the constraints on the size of the subnet you attach the load balancer to. You can now attach a load balancer to subnets of size /27 or larger.

I'm looking forward to hearing about the new scenarios this enables for you. Let us know what you think!